Security News > 2020 > December

In this article I'll consider next year's data security landscape with a focus on the two key issues you need to have on your planning agenda. While link sharing may be liberating, the data security ramifications lend the trend a darker edge that's hard for security professionals to control.

Concerns around security, privacy, cloud and technology resilience are being further fueled by shifting business priorities, the pandemic-induced remote work environment and accelerated deployment of new technologies, according to a survey from Protiviti and ISACA. Entering into 2021, IT audit groups - particularly those in more digitally mature organizations - are utilizing more dynamic and real-time approaches to technology risk assessment, which enables them to be more agile and responsive to the rapidly evolving risk landscape, driven in no small part by pandemic-related challenges. The findings reveal that 'digital leaders' - those self-characterized as having innovative and disruptive qualities, including a proven track record of delivering on digital and innovation initiatives and effective adoption of emerging technologies - weigh risks differently from companies with lower levels of digital transformation maturity and those who are in the earlier stages of defining and delivering on their digital and innovation agenda.

Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. Many of Google's products, including Google Docs, come with a "Send feedback" or "Help Docs improve" option that allows users to send feedback along with an option to include a screenshot - something that's automatically loaded to highlight specific issues.

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, Manulife, and EQ Bank.

Fraud and bot-detection specialists White Ops has been acquired by the Goldman Sachs merchant banking division in partnership with investment firms ClearSky Security and NightDragon. Based in New York City, White Ops protects businesses and online e-commerce platforms from sophisticated bots that disrupt and hijack trillions of transactions globally.

OneTrust, a provider of privacy, security and data governance tools, announced a $300 million Series C funding round led by new investor TCV. The company's valuation has nearly doubled in the past ten months, jumping from $2.7 billion when the company announced its $210 million Series B round in early 2020, to a current valuation of $5.1 billion. OneTrust says that more than 7,500 customers, including more than half of the Fortune 500, use its technology to comply with ever-changing privacy, security, and compliance requirements.

Espionage attacks have recently zeroed in on the COVID-19 vaccine supply chain, The Zebrocy malware continues to be used by hackers in vaccine-related cyberattacks. Hackers Put Bullseye on Healthcare IP. Similarly, the U.S. Justice Department recently accused Chinese-sponsored cybercriminals of spying on COVID-19 researcher Moderna.

German cruise line AIDA Cruises is dealing with mysterious "IT restrictions" that have led to the cancellation of New Year's Eve cruises embarking this past weekend. Aida Cruises is a subsidiary of multinational cruise giant Carnival Corporation and predominantly caters to German-speaking passengers.

What if you lose your phone? Tom Merritt lists five additional ways to receive MFA codes, without SMS. Someone wrote in, after seeing my Top 5 about avoiding using SMS for multi-factor authentication, and asked, "Do you have any suggestions on how to protect myself from getting locked out of my accounts if my phone disappears or dies?" Great question. One advantage of SMS multi-factor authentication is that when you get your phone number on a new phone all the factors will get texted to you there.

Ransomware attacks in 2020 dominated as a top threat vector this past year. In October, the U.S. Department of the Treasury said that companies that facilitate ransomware payments to cyber-actors on behalf of victims may face sanctions for encouraging crime and future ransomware payment demands.